手记

基于kubernetes1.11安装Harbor私有镜像库(二)

简介

Trafik,和nginx-ingress类似,都是用于微服务集群的HTTP/HTTPS代理转发和负载均衡的。
相对nginx-ingress来说, Traefik部署更简单,其反向代理和负载均衡功能更直接高效。
本节主要说明如何在kubernetes1.11上安装traefik,及配置https转发的流程。

安装Traefik

  • 下载源安装包
[root@kubemaster DevOps]# git clone https://github.com/containous/traefik.git
[root@kubemaster DevOps]# cd traefik/examples/k8s
[root@kubemaster k8s]# ls
cheese-default-ingress.yaml  cheese-services.yaml             traefik-deployment.yaml         traefik-rbac.yaml
cheese-deployments.yaml      cheeses-ingress.yaml             ui.yaml
cheese-ingress.yaml          traefik-ds.yaml

一般来说,我们只需要配置及部署traefik-deployment.yaml,traefik-rbac.yaml,ui.yaml这三个文件即可。

  • 创建traefik-rbac

因为Kubernetes在1.6之后的版本启用了RBAC鉴权机制,所以需配置ClusterRole及ClusterRoleBinding来对api-server进行相应权限的控制。

[root@kubemaster k8s]# kubectl apply -f traefik-rbac.yaml 
clusterrole.rbac.authorization.k8s.io "traefik-ingress-controller" created
clusterrolebinding.rbac.authorization.k8s.io "traefik-ingress-controller" created

#检查是否创建成功
[root@kubemaster k8s]# kubectl get clusterrolebinding | grep traefik
traefik-ingress-controller                             5s
[root@kubemaster k8s]# kubectl get clusterrole | grep traefik
traefik-ingress-controller                                             13s

可以此时看到已经完成clusterrole,clusterrolebinding的创建了。

  • 创建traefik服务
[root@kubemaster k8s]# kubectl apply -f traefik-deployment.yaml 
serviceaccount "traefik-ingress-controller" created
deployment.extensions "traefik-ingress-controller" created
service "traefik-ingress-service" created

#检查是否创建成功
[root@kubemaster k8s]# kubectl get svc,deployment,pod -n kube-system | grep traefik
service/traefik-ingress-service   NodePort    10.104.254.55    <none>        80:32672/TCP,8080:30005/TCP   15h
deployment.extensions/traefik-ingress-controller   1         1         1            1           2d
pod/traefik-ingress-controller-6f6d87769d-l7vgv   1/1       Running   0          15h

可以看到service,pod等都已经运行起来。

  • 创建ui服务

    • (1)修改ui.yaml
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
  - name: web
    port: 80
    targetPort: 8080

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-web-ui
  namespace: kube-system
  annotations:            ## 添加注解, 定义ingress.class为traefik
    kubernetes.io/ingress.class: traefik
spec:
  tls:
    - secretName: traefik-cert
  rules:
  - host: traefik.example.com  ## 主要修改这里,把host改为你自己的
    http:
      paths:
      - path: /
        backend:
          serviceName: traefik-web-ui
          servicePort: web
  • (2)创建service及检查
[root@kubemaster k8s]# kubectl apply -f ui.yaml
service "traefik-web-ui" created
ingress.extensions "traefik-web-ui" created

# 检查是否创建成功
[root@kubemaster k8s]# kubectl describe ing traefik-web-ui -n kube-system
Name:             traefik-web-ui
Namespace:        kube-system
Address:          
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host                   Path  Backends
  ----                   ----  --------
  traefik.example.com  
                         /   traefik-web-ui:web (10.244.2.43:8080,192.168.1.49:8080,192.168.1.50:8080)
Annotations:
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"traefik"},"name":"traefik-web-ui","namespace":"kube-system"},"spec":{"rules":[{"host":"traefik.example.com","http":{"paths":[{"backend":{"serviceName":"traefik-web-ui","servicePort":"web"},"path":"/"}]}}]}}

  kubernetes.io/ingress.class:  traefik
Events:                         <none>

[root@kubemaster k8s]# kubectl get ing traefik-web-ui -n kube-system
NAME             HOSTS                   ADDRESS   PORTS     AGE
traefik-web-ui   traefik.example.com             80   15h
  • 浏览器访问traefik

修改本机host或添加公网域名解析,通过traefik.example.com来访问, 效果如下:

1人推荐
随时随地看视频
慕课网APP